{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T02:53:03Z","timestamp":1760237583279,"version":"build-2065373602"},"reference-count":33,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2020,6,2]],"date-time":"2020-06-02T00:00:00Z","timestamp":1591056000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100010418","name":"Institute for Information and Communications Technology Promotion","doi-asserted-by":"publisher","award":["2017-0-00661","2016-6-00599"],"award-info":[{"award-number":["2017-0-00661","2016-6-00599"]}],"id":[{"id":"10.13039\/501100010418","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In the Internet of Things (IoT) systems, it is often required to deliver a secure message to a group of devices. The public key broadcast encryption is an efficient primitive to handle IoT broadcasts, by allowing a user (or a device) to broadcast encrypted messages to a group of legitimate devices. This paper proposes an IoT-friendly subset representation called Combinatorial Subset Difference (CSD), which generalizes the existing subset difference (SD) method by allowing wildcards (*) in any position of the bitstring. Based on the CSD representation, we first propose an algorithm to construct the CSD subset, and a CSD-based public key broadcast encryption scheme. By providing the most general subset representation, the proposed CSD-based construction achieves a minimal header size among the existing broadcast encryption. 
The experimental result shows that our CSD saves the header size by 17% on average and more than 1000 times when assuming a specific IoT example of IP address with 20 wildcards and $2^{20}$ total users, compared to the SD-based broadcast encryption. We prove the semantic security of CSD-based broadcast encryption under the standard l-BDHE assumption, and extend the construction to a chosen-ciphertext-attack (CCA)-secure version.<\/jats:p>","DOI":"10.3390\/s20113140","type":"journal-article","created":{"date-parts":[[2020,6,2]],"date-time":"2020-06-02T09:19:27Z","timestamp":1591089567000},"page":"3140","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Combinatorial Subset Difference\u2014IoT-Friendly Subset Representation and Broadcast Encryption"],"prefix":"10.3390","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3387-3372","authenticated-orcid":false,"given":"Jiwon","family":"Lee","sequence":"first","affiliation":[{"name":"Department of Information System, Hanyang University, Seoul 04763, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seunghwa","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Security Enhanced Smart Electric Vehicle, Kookmin University, Seoul 02707, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jihye","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, Kookmin University, Seoul 02707, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9044-7441","authenticated-orcid":false,"given":"Hyunok","family":"Oh","sequence":"additional","affiliation":[{"name":"Department of Information System, Hanyang University, Seoul 04763, 
Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,6,2]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1016\/j.future.2014.10.010","article-title":"A lightweight attribute-based encryption scheme for the Internet of Things","volume":"49","author":"Yao","year":"2015","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1016\/j.comnet.2018.01.036","article-title":"Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted iot","volume":"133","author":"Belguith","year":"2018","journal-title":"Comput. Netw."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Kim, J.Y., Hu, W., Sarkar, D., and Jha, S. (2017, January 18\u201320). ESIoT: Enabling secure management of the internet of things. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA.","DOI":"10.1145\/3098243.3098252"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1016\/j.csi.2015.06.007","article-title":"Fully secure fuzzy identity-based encryption for secure IoT communications","volume":"44","author":"Mao","year":"2016","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1007\/978-3-540-44993-5_5","article-title":"Public Key Broadcast Encryption for Stateless Receivers","volume":"2696","author":"Dodis","year":"2002","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Boneh, D., Boyen, X., and Goh, E. (2005, January 22\u201326). Hierarchical Identity Based Encryption with Constant Size Ciphertext. 
Proceedings of the Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark.","DOI":"10.1007\/11426639_26"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1007\/s10623-012-9702-6","article-title":"Complete tree subset difference broadcast encryption scheme and its analysis","volume":"66","author":"Bhattacherjee","year":"2013","journal-title":"Des. Codes Cryptogr."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1007\/3-540-44647-8_3","article-title":"Revocation and Tracing Schemes for Stateless Receivers","volume":"2139","author":"Naor","year":"2001","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_9","first-page":"1","article-title":"An Overview of the Advanced Access Content System (AACS)","volume":"25","author":"Henry","year":"2007","journal-title":"Cent. Appl. Cryptogr. Res. (Cacr)"},{"key":"ref_10","unstructured":"Lin, H., Cao, Z., Liang, X., Zhou, M., Zhu, H., and Xing, D. (2019, January 5\u20137). How to construct interval encryption from binary tree encryption. Proceedings of the International Conference on Applied Cryptography and Network Security, Bogota, Colombia."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"60333","DOI":"10.1109\/ACCESS.2019.2915373","article-title":"Identity-Based Revocation from Subset Difference Methods under Simple Assumptions","volume":"7","author":"Lee","year":"2019","journal-title":"IEEE Access"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1145\/568567.568570","article-title":"A secure multicast protocol with copyright protection","volume":"32","author":"Chu","year":"2002","journal-title":"Acm Sigcomm Comput. Commun. Rev."},{"key":"ref_13","unstructured":"Kumar, V., Kumar, R., and Pandey, S. (2018). 
A computationally efficient centralized group key distribution protocol for secure multicast communications based upon RSA public key cryptosystem. J. King Saud-Univ.-Comput. Inf. Sci., in press."},{"key":"ref_14","first-page":"12","article-title":"A Novel Two-party Key Agreement Protocol with the Environment of Wearable device using Chaotic maps","volume":"3","author":"Wang","year":"2019","journal-title":"DSPR"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"411","DOI":"10.1007\/s10207-010-0121-2","article-title":"Efficient trace and revoke schemes","volume":"9","author":"Naor","year":"2010","journal-title":"Int. J. Inf. Sec."},{"key":"ref_16","unstructured":"Boneh, D., and Waters, B. (November, January 30). A fully collusion resistant broadcast, trace, and revoke system. Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Delerabl\u00e9e, C. (2007, January 2\u20136). Identity-based broadcast encryption with constant size ciphertexts and private keys. Proceedings of the ASIACRYPT:International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia.","DOI":"10.1007\/978-3-540-76900-2_12"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Boneh, D., and Hamburg, M. (2008, January 7\u201311). Generalized identity based and broadcast encryption schemes. Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, VIC, Australia.","DOI":"10.1007\/978-3-540-89255-7_28"},{"key":"ref_19","first-page":"573","article-title":"Fully collusion resistant traitor tracing with short ciphertexts and private keys","volume":"2006","author":"Boneh","year":"2006","journal-title":"Adv. Cryptol. Eurocrypt"},{"key":"ref_20","unstructured":"Gentry, C., and Waters, B. (2009). 
Advances in Cryptology\u2014EUROCRYPT 2009: 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, 26\u201330 April 2009, Springer."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Yao, D., Fazio, N., Dodis, Y., and Lysyanskaya, A. (2004, January 25\u201329). ID-based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption. Proceedings of the ACM Conference on Computer and Communications Security, New York, NY, USA.","DOI":"10.1145\/1030083.1030130"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Canetti, R., Halevi, S., and Katz, J. (2004, January 2\u20136). Chosen-Ciphertext Security from Identity-Based Encryption. Proceedings of the Advances in Cryptology\u2014EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland.","DOI":"10.1007\/978-3-540-24676-3_13"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"258","DOI":"10.1007\/11535218_16","article-title":"Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys","volume":"3621","author":"Boneh","year":"2005","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"480","DOI":"10.1007\/3-540-48329-2_40","article-title":"Broadcast Encryption","volume":"773","author":"Fiat","year":"1993","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"511","DOI":"10.1007\/978-3-540-28628-8_31","article-title":"Efficient Tree-Based Revocation in Groups of Low-State Devices","volume":"3152","author":"Goodrich","year":"2004","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1007\/3-540-45708-9_4","article-title":"The LSD Broadcast Encryption Scheme","volume":"2442","author":"Halevy","year":"2002","journal-title":"Lect. Notes Comput. 
Sci."},{"key":"ref_27","unstructured":"Wallner, D.M., Harder, E.J., and Agee, R.C. (2020, June 02). Key Management for Multicast: Issues and Architectures. Available online: https:\/\/www.hjp.at\/(de,st_b)\/doc\/rfc\/rfc2627.html."},{"key":"ref_28","first-page":"708","article-title":"Multicast Security: A Taxonomy and Some Efficient Constructions","volume":"2","author":"Canetti","year":"1999","journal-title":"Proc. IEEE"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"5155","DOI":"10.1109\/TIT.2008.928959","article-title":"Skipping, Cascade, and Combined Chain Schemes for Broadcast Encryption","volume":"54","author":"Cheon","year":"2008","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_30","first-page":"1","article-title":"Public-key revocation and tracing schemes with subset difference methods revisited","volume":"8713","author":"Lee","year":"2014","journal-title":"Eur. Symp. Res. Comput. Secur."},{"key":"ref_31","first-page":"306","article-title":"Multicollisions in iterated hash functions. Application to cascaded constructions","volume":"3152","author":"Joux","year":"2004","journal-title":"Annu. Int. Cryptol. Conf."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"586","DOI":"10.1137\/S0097539701398521","article-title":"Identity-based encryption from the Weil pairing","volume":"32","author":"Boneh","year":"2003","journal-title":"Siam J. Comput."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"1301","DOI":"10.1137\/S009753970544713X","article-title":"Chosen-Ciphertext Security from Identity-Based Encryption","volume":"36","author":"Boneh","year":"2007","journal-title":"SIAM J. 
Comput."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/11\/3140\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:34:53Z","timestamp":1760175293000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/11\/3140"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,2]]},"references-count":33,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2020,6]]}},"alternative-id":["s20113140"],"URL":"https:\/\/doi.org\/10.3390\/s20113140","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2020,6,2]]}}}